A
All right, welcome to our container security group meeting. I'm super excited for these demos today. Alexander, you've got the first item.
B
Yeah, so the ability, so originally this is something we missed and then Sam brought back to our attention that you, when creating a policy, that's where you decide whether you want to have an alert or not, and I merged that code last week, and so now you can add a policy and say yes, I want to learn with this. It's got a little banner that gives a warning about our making sure that you're not flooding, get loud with the words, but that is it now.
A
Yeah, fantastic. That looks great. I know almost every time we do a demo, Alexander, and I look at it, I think of another thing that I throw back at you, and I feel bad because I'm about to do that again. It just crossed my mind literally like five minutes ago. I'm wondering what happens if users don't have KAS set up, what if they're using only GitLab Managed Apps v2?
A
A
Issue for it on that one, because I left that out of the requirements entirely but just realized, we might be running into an edge case here, based on the way we've designed things where, you know, we've got this easy button in the UI, but they don't. It's not obvious that you have to install KAS for this thing to work.
A
C
C
Lab, that's it. We, Sam and I, were just talking about that. You know, we, we got a few things that are looking like going to make in 13.8, but there's a complication of the feature flag.
C
That's currently off by default. So switching that on to on by default in such a short notice would be risky, in my opinion, but also complicated by the fact that if we do switch it on by default, we have to force it to off on GitLab.com, because GitLab.com won't have KAS until, until it has KAS. Another team is, is doing that.
D
D
UI perspective, in the case of alert, if you just add the notation and you save the network policy, it's not going to break anything. It's just going to be a false positive that you think that you're doing something that you're actually not doing.
C
A
B
Yeah, Thiago, you said a lot of interesting things just now about dot com and agentk versus KAS. Let's save that, for I think Wayne has an agenda item at the bottom. I think we'll tie that into that nicely. So, let's, but I have several questions regarding that.
C
I'll take, I'll take the second demo. I won't do the actual demo, but, but John has created a, an integration for Trivy. Right now, container scanning in GitLab uses Clair, and as part of live container scanning we investigated using Trivy. We compared how easy it would be to implement and, and, and the, and the outcome, the values of, how do they look, and Trivy came out ahead. We, we made a choice to use that for live container scanning, but then can on his, on his own personal time.
C
C
Should we go ahead and not do that and, and focus on Trivy instead, and to enable that I, I'm gonna, have a, I'm gonna write an issue to, to check whether or not this could be a drop-in replacement. So if, if a customer is running container scanning in Clair and we replace that with Trivy, does it magically work, i.e. the, the environment variables, all the parameters that the user-facing controls, are they still honored, and on the, on the flip side, to do the reports?
C
The report looks the same because we ingest and all that, but you might get more or less vulnerabilities with Trivy, because at the end of the day it's a different scanner and a different database. So you could get different results. So we want to know that as well, but it's, it's really good.
C
Zamir and, and Sam have words in there, if you want to add to it.
A
Yeah, I just have, I'm just super excited about this. This is awesome news. You know, we're trying to figure out what to do here anyway, and I'm really excited about how much work has already been done here that John did for us. So we don't have a great sample size, but we do have three data points from different customers that have expressed an interest in Trivy and a preference for Trivy over Clair and Klar.
A
So, you know, three votes for switching, no votes for keeping the same. Again, not a huge sample size, but it is an indicator that switching it out would make at least some customers really happy. Even just having these projects here, even if we don't switch it out in the product, you know, pointing them at these projects and letting them adopt them is going to be a huge.
D
That the, the code size is very small and the dependency is like zero. So if we compare that with Clair it's way different, and also the test approach is awesome. It, it has tests for everything already. It has a huge amount of tests already from the amount of code that we have.
C
Thank you. You should, should somebody just keep the floor since you've got the last demo.
C
Not demo, a walkthrough.
D
D
Call it a devil, just a couple things I know Alexander's want to talk about that later on. I just want to mention that KAS doesn't have the version that we have, that we have our features right now on staging. So then that's why we cannot demo there, and also KAS is in the progress of being bundled into GitLab.com.
D
I have the MRs and I can put, share that if you, if, whatever you want to take a look on that, so just, oh, I'm not sharing my screen.
D
D
Yeah, okay, so just a quick, can you guys see my screen? Okay, so this is the workflow for GitOps. We don't, we're not too concerned here. The things that I want to show here is the relationship between the Kubernetes agents, agent and the agent configuration repository. The agent configuration repository, it's a project that's going to contain the base configuration for the agent.
D
So when you're using the agent, you have to have a repository that's going to load information to the agent, and if you are using GitOps, you also need additional repositories that's going to contain the manifests, but I don't want to focus too much on that unless you have specific questions about how GitOps works, but in general now agent has two modules: one is GitOps, the other one is ours.
D
So if we go inside the .gitlab, we are going to have this, that the format is .gitlab, agents and then the name of agent and the config.yaml that you want. So here, what I have is that I have the GitOps feature here that I, I just use this to make sure that we are not breaking each other's work.
D
So we have the GitOps feature here that basically just have a, which projects are considered to be manifest, that it's need to keep pulling, but again, like, I'm talking about, about that. But we should not worry too much about GitOps right now, and then what we have now is that we have Cilium and then we have a Hubble Relay address.
D
The way we did this is that it requires the Hubble Relay. It's going to change slightly from version 1.8 and 1.9, and people might have like ingress to Hubble Relay or they might have specific serves that they want to set up. The default one is ClusterIP that it comes by default, and then what I do here, I just put localhost because that snaps to my, to my, my machine, my local environment, so that's what's required from the user perspective.
D
I run this project because we have the application and then, with the application, we have the environments. I'm going to mention why we need the environments. If we go to Threat Monitoring, I'm going to speed up a little bit, if I'm choose low, you guys, just let me know. So we have no alerts for now and under policy.
D
Oh sorry, if we don't have any environment, this place is going to be blank. Why? Because when we initially developed this page, which was based on statistics, and the statistics requires the environment, so I don't know if that's something, I create an issue for that, I don't know if that's something that we want to tackle in the future or if, if it is something that's not important at all.
D
Interrupt your demo, so, so, so then, I'm just going to reset this basic scenario that I'm having here. I have a scenario that I have a Go application, and this is the same project that handles the agentk configuration.
D
Okay, so then what we have here, we have a policy that's disabled. I'm going to go to the policy page here.
D
This is going to be related to the namespace that I deployed here, and what happens that this network policy only allow ingress from endpoints that have this app none, and I have nothing in my cluster like this. This is just to, for us to force some drops, but it's, this disabled. So that's why, if we go to the application here on the other side, I can just refresh it and it's working.
D
So then, now, if we enable, oh, just another point, alerts not enabled here, so if I just enable this and we save, so now we have an enabled network policy that's going to allow only ingress from that label app none that there is nothing in the cluster. So then, whenever we, we try to load, it's going to timeout, that's what's the basic thing that we had before. This is nothing new. It's just how we implement network policy in previous iterations.
D
Okay, so then, if we go back to the policy now.
D
Now we have the annotation here that we agreed upon and let me save it.
D
So, what's going to happen, I'm just going to show you this pretty quickly here. So they get for network policy. We go from the UI, we call the back end. The back end use the kube controller, and then we save stuff in the cluster. Same thing for the loading: when we load network policy we load from the cluster to Kubernetes, kubectl, kubectl, back end, and it goes to the UI. Alert is going to work in a very different way.
D
D
And we see the alerts, so there is a couple of, there's a couple MRs you open for this to work, as is, I think there's one or two MRs for that. The details are, are in progress. Alexander is working on that and, but it, they work, because I, I hacked a little bit the other page just to show, just to see if they were coming up or not. The point is that if I go to operations now and show alerts, we are not going to see anything there.
D
Okay, and nowhere message as well, and these are the things I have. Let me know if you have any questions.
C
How come we got heaps of alerts there? Not just one.
D
What happened is that when you, when you go to the browser and you, you, you make a request like that it just, it's not one request that gets sent, right. It gets sent the request over time. So what I did in my test is that I did a curl and then you, for the curl you can set like one and then you just get one. It's the right.
D
A
Consistent, yeah. On that same note, I know that the monitor team is able to aggregate these up to some extent. So maybe that's a future issue, but because you can have multiple events tied to the same alert and so ideally we would, you know, roll those all up so that you just have one item in this list, and it says, you know, oh, it happened 20 times. Okay, yeah, maybe that's a follow-on.
A
D
And from the log, if you see the raw log, there is something called, there is a couple of flags called, I forgot the name of the flag specifically, but they have different types. They have like acknowledgements, they have system, they have a couple flags for the same request. So maybe we could feature future on that level as well.
A
C
This is, this is great, Zamir. I, I, I just want to call out everything that went in, into this, because integrating with Cilium is not an easy task, there's only so much the documentation tells you. Zamir had to go and reach out to, to the Cilium developers. The KAS side on GitLab, it's Golang, I mean.
C
D
But that, that's also the API work, the GraphQL work was John's and front end was 100 Alexander. So for me, at the end of the day, it's just agentk and KAS.
A
B
Yeah, oh Zamir, could you send me over the payload for this demo that you've given me, like the payload from GraphQL for those alerts, because I noticed that the, the alert name is not the policy name and, okay? You should. I should see if we can get that in there, sure, that's what, Sam, you wanted.
A
B
Right, so yeah, there's just some, I'm using the wrong field, it seems like, on the front end for the name column and should be an easy fix.
B
Sure, I'm gonna send you right away. Awesome. Thank you. I have not, you know, as this has been in flux, I've not had a back end to work with, but also container security is sort of notoriously hard to set up a local environment for and it's something I need to do. I want to be able to make my own policies, but I'm a little hesitant to like set up pounds.
C
B
C
B
I might be reaching out to you for some details on how to get this working on my machine as well.
C
D
I just have one thing: the MR for annotation is there, open. I'm gonna open the L4, right now we just support L3. So then I'm gonna open L4 for sure by, before the end of this week and maybe L7 too, so from the agentk side we should have most of the things by the end of this week.
A
All right, so for Wayne's item, he says: what's the next enhancement we're planning to put in a future release post, which release is this tentatively planned for? Well, of course, that would be the alert dashboard is the next one that's release post worthy. Timing, I'm to defer to Lindsey and Thiago.
C
Alexander, you've done a good job with the, with the answer there on the front end. I haven't read it all, so, but I'll, I'll let you verbalize. I'll just do my spiel from my answer there. I said, I said 39, because even though the Cilium integration is done, it's merged.
C
It's, it's, it's available right now. We don't have L4. Let me just mention, we, we got, he's going to get the MR there. Annotations is going to, definitely going to get in by 13.8, but L4 and L7 may or may not get by 13.8. We do have a complication of the feature flag and as part of removing a feature flag or turning a feature flag by default.
C
There's a process that you need to follow. We, we can't remove the feature flag because dot com doesn't have KAS. If we remove the feature flag, dot com will start showing the stuff and it won't work. So our only option is to turn it on by default.
C
We still need to go through, through these checks, and I think it's cutting way too close. So this is likely to be live 13.8 or, or early 39, but I, I wouldn't be comfortable saying: oh yeah, we having a 13.8. Sorry, long-winded explanation for a short answer of 39. Alexander, do you want to talk about the, the questions and the front end? Yeah? So I think this, if, if you're comfortable discussing front end, if you don't wait for Lindsay to, no.
B
It's fine, I, I think what's throwing me off here is, I, so this, this is basically going to be sort of ready for self-hosted before it's ready for dot-com, and that is where, like, it's concerning from like a testing standpoint of whether this works properly, because if we just, I mean, do we have a self-managed.
C
D
Okay, yeah, on this point, sorry, Alexander, there are two MRs that's going to be allowing this. I can put them on the document. They gotta prove to both of them. There's just a few minor comments, so they should be merged pretty quick and then we are going to have it on staging, but yeah, it might take like, it might take a week.
B
Okay, so okay, I think then, if, I mean then, if we have end staging, then I'll feel comfortable that will work on self-hosted, if it's working properly in staging, right. Does that make sense?
C
It does. I mean I, I don't know enough about KAS, what needs to be done on infrastructure and what needs to be done on a self-managed instance. So, there's that caveat there. There.
D
Is a, there is a, okay. There is okay information about that. I can also put that somewhere, how to enable KAS if you are handling self-hosted. Basically, basically, it's, it's all here.
C
B
D
No, not that one, no. Zamir, you mentioned something. There is a, that. The understanding that I have is that for the GraphQL we are going to affect the monitoring chain that we are sharing the code, and then I understand that from Alexander perspective, as soon as you start tackling those things it's very important to be taxed in production, because we don't want to break their stuff.
B
I can see right now: there's updating the name field to show the policy name instead of whatever it's showing now, there is updating the GraphQL, the GraphQL query that we're currently sharing with the alert team, the monitor team, so that our alerts go to our page, because right now in staging, I just have it so that we're getting the alerts, the monitor alerts as well, because otherwise it wouldn't have a UI to test against, and then there's the third issue of, that Sam mentioned in the beginning of this meeting about the demo and informing the users.
C
The, the, the answer that I'm looking for, just to take you off the, not to put it in a corner, is it, it doesn't matter if, I think it doesn't matter that much if front end is not done in 38, because I've already made a call for backend on 39. So if, if you're comfortable with it, with these front-end bits being done in 39, I think you're off the hook.